flashh4
-
Content Count
3035 -
Joined
-
Last visited
Content Type
Profiles
Forums
Calendar
Posts posted by flashh4
-
-
Hey Carol, the AdwCleaner program did not get ran correctly ! So i need you to re-run the scan again then after the scan make sure you click the "Clean" Button ! Then you will get a new log copy/paste it for me !
Thanks
Chuck
-
Howdy CarolAnn and welcome to BestTechie !!!
My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.
Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!
If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Perform all actions in the order given.
Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !
Do Not Remove anything or run any tools/programs until advised to do so !
Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.
==============================
Download Farbar Recovery Scan Tool, or FRST, from the following location: FRST Download Link >>> http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
When you click on the above link you will be brought to a download page. Please click on the Download Now 32-bit version or Download Now 64-bit version button depending on the bit type of your Windows version. If you are unsure what bit-type your installed Windows is, please consult this tutorial:
How to tell if you are running a 32-bit or 64-bit version of Windows >>> http://www.bleepingcomputer.com/tutorials/32-bit-or-64-bit-windows/
Once you click on the appropriate download button, you will be brough to a downloading screen, where if you wait, the download will automatically start. If you see a prompt asking if you wish to Run or Save the file, please click on the Save button and save it to your desktop.
Your browser will now download FRST and save it on your Desktop.
Now double-click on the FRST.exe or the FRST64.exe icon depending on which version you downloaded to start the program. Once you double-click the icon a User Account Control warning may also appear asking if you are sure you would like to run the program.
Click on the Yes button to allow FRST to start. If no warning appeared, as shown above, then you should just continue reading.* FRST will now display a Disclaimer of Warranty window. Please read through this agreement, and if you agree to it, please click on the Yes button to continue.
* At this point, please do not change any options and just click on the Scan button to begin the scanning !
* The scanning process can take a while, so please be patient while FRST scans your computer and creates and report that can be used by our helpers. When FRST is done generating the * reports it will create them as FRST.txt and Addition.txt in the same location as you downloaded and ran FRST from. If you ran it from the Windows desktop, then the reports will be made there. The program will then display a prompt stating that it has finished
* Please click on the OK button and FRST will display the FRST.txt log in a Notepad window.
* FRST will then display another prompt that states the second log, Addition.txt, is about to be shown as well. Press the OK button and a Notepad window will open that displays the Addition.txt log !Copy & paste those logs for me !!
NEXT
AdwCleaner
Please download https://toolslib.net/downloads/viewdownload/1-adwcleaner/ by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
Windows XP : Double click on the icon to run it.Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
*Click on the Scan button.
*AdwCleaner will begin to scan your computer like it did before.
*After the scan has finished .......
This time, click on the "Clean" button.
*Press OK when asked to close all programs and follow the onscreen prompts.
*Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
*After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
*Copy and paste the contents of that logfile in your next reply.
*A copy of that logfile will also be saved in the C:\AdwCleaner folder.
NEXT
Please download http://thisisudax.org/downloads/JRT.exe]JUNKWARE Removal Tool and save to your desk top.Shut down your protection software now to avoid potential conflicts.
* Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
* Post the contents of JRT.txt into your next reply !Re-Boot your computer now !!
So to sum things up, i need you to copy/paste these logs:
1. FRST log(s)
2. AdwCleaner.exe (log)
3. Junkware log
Thanks
Chuck
-
CarolAnn830 ...... I will try & help you ! Please start a topic in the Malware Removal Section !
Thanks
Chuck
-
-
David Adam, Welcome to the forum !! You do realize this post is from 2009 don't you ??
Chuck
-
Welcome to the Forum Alex ! My guess would be someone joined the ranks of the unemployed !!
Chuck
-
I think you click the 1st file to be removed then hold the CTRL and ALT while clicking the other files to be removed !! Hope that will help !!
Chuck
-
Seems like i read about this a few weeks ago or something like it. They just went back & deleted the file after the transfer was complete or something to that effect !! I don't work a lot with problems of this nature mostly Malware is what i specialize in !!
Hope you get the solution figured out !!
Chuck
-
-
Happy Birthday Jeff ! Hope today becomes a Special day !!
-
Hey Jim_Kart welcome to the Forums, i thought maybe BesTTechie (Jeff) might be able to answer your question ! He is the most likely with the knowledge in this subject !!
Good Luck
Chuck
-
No it looks good !! I will close this topic in 5 days !!
Thanks
Chuck
-
Ok looks good & clean !! Run it for a day & see if it's any faster. If not try moving it closer to the Modem & then try !!
Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.
Download Delfix to your desktop and double click it to start the program [url=http://api.viglink.com/api/click?format=go&jsonp=vglnk_jsonp_14102815956339&key=bf4adfcbb328b51c165afd7f95bfc060&libId=64704d6e-537a-4ac2-beea-64e5d35e3f5f&loc=http%3A%2F%2Fwww.geekstogo.com%2Fforum%2Ftopic%2F342065-very-slow-computer-aswmbr-rootkit-not-working%2Fpage-2&v=1&out=https%3A%2F%2Ftoolslib.net%2Fdownloads%2Fviewdownload%2F2-delfix%2F&ref=http%3A%2F%2Fwww.geekstogo.com%2Fforum%2Fforum%2F37-virus-spyware-malware-removal%2F&title=Very%20slow%20computer%2C%20aswMBR%20rootkit%20not%20working%20%5BClosed%5D%20-%20Page%202%20-%20Virus%2C%20Spyware%2C%20Malware%20Removal&txt=here]here[/url]
Ensure Remove disinfection tools is ticked
Also tick:
o Create registry backup
o Purge system restoreo Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.You can delete any log files left on your desktop as these are no longer needed. Or any programs which did not get removed !!!!
==========================
Congratulation you are clean !!!Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.
This is my standard "All Clean Speech." You may have some already installed, these are just recommendations !
Here are some tips to reduce the potential for spyware infection in the future:
Here are some tips to reduce the potential for spyware/malware infection in the future:
1. Make your Internet Explorer more secure - This can be done by following these simple instructions:From within Internet Explorer click on the Tools menu and then click onOptions.
Click once on theSecurity tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.2. FireFox If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure.
[url=https://addons.mozilla.org/en-US/firefox/addon/noscript/]NoScript[/url][/color][url= https://adblockplus.org/en/firefox] adblock plus[/url]
3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
4. Firewall Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. **There are firewalls that could be downloaded and used but I would personally only recommend using one of the following below:
[url=http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html]Online Armor Free[/url]
[url=http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html]Agnitum Outpost Firewall Free [/url]
[url=http://personalfirewall.comodo.com/]Comodo Firewall Free [/url]
5. Make sure you keep your Windows OS current. And regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.
6.[url=http://www.mywot.com/]WOT[/url](Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.
7. Finally, I strongly recommend that you read Miekiemoes' great advice [url= http://users.telenet.be/bluepatchy/miekiemoes/prevention.html] How to prevent malware[/url] .
Let me know how it's running ?
Any problems ?
It may run a tad slow until a few normal re-boots, but according to all logs you are clean !!Let me know in a few days how it's running !!
Thanks
Chuck -
Hey, ok !!!!!!
We need to Run an OTL fix !!
Warning This fix is only relevant for this system and no other, using on another computer may cause problems.Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
* Double-click OTL.exe to start the program.
* Copy and Paste the following code into the http://img.photobucket.com/albums/v317/flashh4/Paste%20OTL%20script%20here.png text box of the OTL tool/program ! Start with and include the colon plus :OTL
Copy everything in RED and Paste into the box in the OTL program !!
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
FF - user.js - File not found
[2017/06/02 06:32:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janet\AppData\Roaming\mozilla\Extensions
[2017/06/02 06:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janet\AppData\Roaming\mozilla\Firefox\Profiles\pgfqi7q9.default\extensions
[2017/06/30 15:34:26 | 000,009,974 | ---- | M] () (No name found) -- C:\Users\Janet\AppData\Roaming\mozilla\firefox\profiles\pgfqi7q9.default\features\{4a719f1f-fab3-450b-aed4-a98d368d2c83}\[email protected]
[2017/06/30 15:34:26 | 000,044,954 | ---- | M] () (No name found) -- C:\Users\Janet\AppData\Roaming\mozilla\firefox\profiles\pgfqi7q9.default\features\{4a719f1f-fab3-450b-aed4-a98d368d2c83}\[email protected]
[2017/06/30 15:29:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
CHR - Extension: No name found = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\
CHR - Extension: No name found = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\
CHR - Extension: No name found = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Janet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0\
O8:64bit: - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
:Commands
[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]
# Then click the Run Fix button at the top.
# Clickhttp://img.photobucket.com/albums/v317/flashh4/btnOK.png[/IMG]
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.Post that log next !
Thanks
Chuck
-
Ok lets run 1 more & then i can read threw it, it will take me a few minutes to check it !!
Download OldTimer to your desk top !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr
If you already have a copy of OTL delete it and use this version. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).* Double click OTL.exe to launch the program.
* Check the following.o Scan all users.
o Standard Output. o Lop check.
o Purity check. oExtra Registry > Use SafeList* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.* Please post me both logs. This may have to be broken into more than one post !
Chuck
-
Not much there Janet, please continue when you can !
Thanks
Chuck
-
Hi Janet,
Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!
If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Perform all actions in the order given.
Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !
Do Not Remove anything or run any tools/programs until advised to do so !
Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.
===================================
AdwCleaner
Please download https://toolslib.net/downloads/viewdownload/1-adwcleaner/ by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
Windows XP : Double click on the icon to run it.Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
*Click on the Scan button.
*AdwCleaner will begin to scan your computer like it did before.
*After the scan has finished .......
This time, click on the "Clean" button.
*Press OK when asked to close all programs and follow the onscreen prompts.
*Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
*After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
*Copy and paste the contents of that logfile in your next reply.
*A copy of that logfile will also be saved in the C:\AdwCleaner folder.
NEXT
Please download http://thisisudax.org/downloads/JRT.exe]JUNKWARE Removal Tool and save to your desk top.Shut down your protection software now to avoid potential conflicts.
* Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
* Post the contents of JRT.txt into your next reply !Re-Boot your computer now !!
NEXT
Download the free version Malwarebytes' Anti-Malware (save it to your desktop). >>> https://www.malwarebytes.org/antimalware/
* Windows XP : Double click on the icon to run it.
* Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
* On the Dashboard click on Update Now
* Go to the Setting Tab
* Under Setting go to Detection and Protection
* Under PUP and PUM make sure both are set to show Treat Detections as Malware
* Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
* Then on the Dashboard click on Scan
* Make sure to select THREAT SCAN
* Then click on ScanWhen the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes
Thanks
Chuck
-
It's all been good. Some of the old gang stops in & says Hello from time to time !! I'm here for the duration do cleaning of computers, going on about 17 yrs now total !!
Chuck
-
-
Good to see ya bearskin it's bee
n a long time ! Hope all has been well with you & the family !!
Chuck
-
hpg3, That would be my action also !! Some i do believe would be related to your system !
Chuck
-
A thought : you might back them up to a disk/flash drive then delete one at a time then wait a few weeks to see if it was needed for your system, then continue with the others to see if any error shows up also !! Just a thought of what i would try !!
Hope that helps !
Chuck
-
This topic is now locked !! If for any reason you need it re-opened please PM me or any Mod !!
Thanks
Chuck
-
You are most welcome ! I will lock this topic in 5 days !
Thanks
Chuck
Here u go Flash...HP Envy laptop w Win 10 and Samsung Galaxy S7 Edge hacked???
in Malware Removal
Posted
Carol, after reading through these logs there is a lot we need to clean out & remove from your computer !
So after you run the AdwCleaner program again & have it clean everything, post the log !
NEXT
Download the free version Malwarebytes' Anti-Malware (save it to your desktop). >>> https://www.malwarebytes.org/antimalware/
* Windows XP : Double click on the icon to run it.
* Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
* On the Dashboard click on Update Now
* Go to the Setting Tab
* Under Setting go to Detection and Protection
* Under PUP and PUM make sure both are set to show Treat Detections as Malware
* Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
* Then on the Dashboard click on Scan
* Make sure to select THREAT SCAN
* Then click on Scan
When the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes
NEXT
Download OldTimer to your desk top !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr
If you already have a copy of OTL delete it and use this version. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
* Double click OTL.exe to launch the program.
* Check the following.
o Scan all users.
o Standard Output. o Lop check.
o Purity check. oExtra Registry > Use SafeList
* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.
o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.
* Please post me both logs. This may have to be broken into more than one post !
Post Next:
1. New AdwCleaner log
2. MBAM (malwarebytes) log
3. OTL log
Thanks
Chuck